Fortinet black logo

CLI Reference

fmpolicy

fmpolicy

Use these commands to perform policy and object related actions:

fmpolicy check-upgrade-object

Use this command to check/upgrade objects by syntax.

Syntax

execute fmpolicy check-upgrade-object manual {checking | fixing} {basic | auto | misc | full}

execute fmpolicy check-upgrade-object report

execute fmpolicy check-upgrade-object reset

Variable

Description

<action>

Enter the auto upgrade action:

  • manual: run auto-upgrade manually.
  • report: show checking/upgrade report.
  • reset: cleanup saved checking/upgrade status

{checking | fixing}

  • checking: only do checking.
  • fixing: checking and fixing.

{basic | auto | misc | full}

  • basic: only do basic (know cases) checking/fixing.
  • auto: only do auto (syntax based) checking/fixing.
  • misc: only do misc (know cases) checking/fixing.
  • full: do a full basic/auto/misc checking/fixing.

fmgpolicy clone-adom-object

Use this command to clone an ADOM object.

Syntax

execute fmpolicy clone-adom-object <src-adom> <category> <key> <target-adom> <new-key>

Variable

Description

<arc-adom>

Enter the name of the source ADOM.

<category>

Enter the name of the category in the ADOM.

<key>

Enter the name of the object key.

<target-adom>

Enter the name of the target ADOM.

<new-key>

Enter the name of the new key.

fmpolicy copy-adom-object

Use this command to set the policy to copy an ADOM object.

Syntax

execute fmpolicy copy-adom-object <adom> <category> <key> <device> <vdom>

Variable

Description

<adom>

Enter the name of the ADOM.

<category>

Enter the name of the category in the ADOM.

<key>

Enter the name of the object key.

<device>

Enter the name of the device.

<vdom>

Enter the name of the VDOM.

fmpolicy install-config

Use this command to install the configuration for an ADOM.

Syntax

execute fmpolicy install-config <adom> <device_id> <revname>

Variable

Description

<adom>

Enter the name of the ADOM.

<device_id>

Enter the device id of the ADOM.

<revname>

Enter the revision name.

fmpolicy print-adom-database

Use this command to display the device database configuration for an ADOM.

Syntax

execute fmpolicy print-adom-database <adom_name> <output_filename>

fmpolicy print-adom-object

Use this command to display the device objects.

Syntax

execute fmpolicy print-adom-object <adom_name>

execute fmpolicy print-adom-object <adom_name> <category> {all | list} <output>

execute fmpolicy print-adom-object Global <category> {all | list} <output>

Variable

Description

<adom_name>

Enter the name of the ADOM or “Global”.

<category>

Enter the category name.

{all | list}

  • all: Show all objects.
  • list: Get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-adom-package

Use this command to display the package for an ADOM.

Syntax

execute fmpolicy print-adom-package <adom> <package_name> <category_name> <object_name> <output>

execute fmpolicy print-adom-package Global <package_name> <category_name> {all | list} <output>

Variable

Description

<adom>

Enter the name of the ADOM or “Global”.

<package_name>

Enter the package name ID.

<category_name>

Enter the category name.

{all | list}

  • all: Show all objects.
  • list: Get all objects.

<object_name>

Show object by name. Enter all to show all objects, or enter list to get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-device-database

Use this command to print the device database configuration.

Syntax

execute fmpolicy print-device-database <device_name> <output>

Variable

Description

<device_name>

Enter the name of the device.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-device-object

Use this command to display the device objects.

Syntax

execute fmpolicy print-device-object <device_name> <vdom> <category> {<key> | list | all} <output>

Variable

Description

<device_name>

Enter the name of the device.

<vdom>

Enter the VDOM name.

<category>

Enter the category name.

{<key> | list | all}

  • all: Show all objects.
  • list: Get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-prov-templates

Use this command to print provisioning templates.

Syntax

execute fmpolicy print-prov-templates <adom> <prov> <package> <category> {<key> | list | all} <output>

Variable

Description

<adom>

Enter the name of the ADOM.

<prov>

Enter the provisioning template name:

  • 5: System Templates
  • 8: FortiClient Templates
  • 9: Threat Weight Templates
  • 10: WiFi Templates

<package>

Enter the package name.

<category>

Enter the category name.

{<key> | list | all}

  • all: Show all objects.
  • list: Get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-prov-database

Use this command to print provisioning databases.

Syntax

execute fmpolicy print-prov-database <adom> <output>

Variable

Description

<adom>

Enter the name of the ADOM.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy promote-adom-object

Use this command to promote an ADOM object.

Syntax

execute fmpolicy promote-adom-object <adom> <category> <key> <new-key>

Variable

Description

<adom>

Enter the name of the source ADOM.

<category>

Enter the name of the category in the ADOM.

<key>

Enter the name of the object key.

<new-key>

Enter the name of the new key.

fmpolicy upload-print-log

Use this command to upload the latest print command logs to a server.

Syntax

execute fmpolicy upload-print-log [ftp|scp|sftp] <server> <port> <path> <user> <passwd>

Variable

Description

[ftp|scp|sftp]

Enter the type of server to upload the logs to.

<server>

Enter the server IP address or DNS.

<port>

Enter the port number (0 for default).

<path>

Enter the path on the server.

<user>

Enter the username.

<passwd.

Enter the user's password.

fmpolicy

Use these commands to perform policy and object related actions:

fmpolicy check-upgrade-object

Use this command to check/upgrade objects by syntax.

Syntax

execute fmpolicy check-upgrade-object manual {checking | fixing} {basic | auto | misc | full}

execute fmpolicy check-upgrade-object report

execute fmpolicy check-upgrade-object reset

Variable

Description

<action>

Enter the auto upgrade action:

  • manual: run auto-upgrade manually.
  • report: show checking/upgrade report.
  • reset: cleanup saved checking/upgrade status

{checking | fixing}

  • checking: only do checking.
  • fixing: checking and fixing.

{basic | auto | misc | full}

  • basic: only do basic (know cases) checking/fixing.
  • auto: only do auto (syntax based) checking/fixing.
  • misc: only do misc (know cases) checking/fixing.
  • full: do a full basic/auto/misc checking/fixing.

fmgpolicy clone-adom-object

Use this command to clone an ADOM object.

Syntax

execute fmpolicy clone-adom-object <src-adom> <category> <key> <target-adom> <new-key>

Variable

Description

<arc-adom>

Enter the name of the source ADOM.

<category>

Enter the name of the category in the ADOM.

<key>

Enter the name of the object key.

<target-adom>

Enter the name of the target ADOM.

<new-key>

Enter the name of the new key.

fmpolicy copy-adom-object

Use this command to set the policy to copy an ADOM object.

Syntax

execute fmpolicy copy-adom-object <adom> <category> <key> <device> <vdom>

Variable

Description

<adom>

Enter the name of the ADOM.

<category>

Enter the name of the category in the ADOM.

<key>

Enter the name of the object key.

<device>

Enter the name of the device.

<vdom>

Enter the name of the VDOM.

fmpolicy install-config

Use this command to install the configuration for an ADOM.

Syntax

execute fmpolicy install-config <adom> <device_id> <revname>

Variable

Description

<adom>

Enter the name of the ADOM.

<device_id>

Enter the device id of the ADOM.

<revname>

Enter the revision name.

fmpolicy print-adom-database

Use this command to display the device database configuration for an ADOM.

Syntax

execute fmpolicy print-adom-database <adom_name> <output_filename>

fmpolicy print-adom-object

Use this command to display the device objects.

Syntax

execute fmpolicy print-adom-object <adom_name>

execute fmpolicy print-adom-object <adom_name> <category> {all | list} <output>

execute fmpolicy print-adom-object Global <category> {all | list} <output>

Variable

Description

<adom_name>

Enter the name of the ADOM or “Global”.

<category>

Enter the category name.

{all | list}

  • all: Show all objects.
  • list: Get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-adom-package

Use this command to display the package for an ADOM.

Syntax

execute fmpolicy print-adom-package <adom> <package_name> <category_name> <object_name> <output>

execute fmpolicy print-adom-package Global <package_name> <category_name> {all | list} <output>

Variable

Description

<adom>

Enter the name of the ADOM or “Global”.

<package_name>

Enter the package name ID.

<category_name>

Enter the category name.

{all | list}

  • all: Show all objects.
  • list: Get all objects.

<object_name>

Show object by name. Enter all to show all objects, or enter list to get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-device-database

Use this command to print the device database configuration.

Syntax

execute fmpolicy print-device-database <device_name> <output>

Variable

Description

<device_name>

Enter the name of the device.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-device-object

Use this command to display the device objects.

Syntax

execute fmpolicy print-device-object <device_name> <vdom> <category> {<key> | list | all} <output>

Variable

Description

<device_name>

Enter the name of the device.

<vdom>

Enter the VDOM name.

<category>

Enter the category name.

{<key> | list | all}

  • all: Show all objects.
  • list: Get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-prov-templates

Use this command to print provisioning templates.

Syntax

execute fmpolicy print-prov-templates <adom> <prov> <package> <category> {<key> | list | all} <output>

Variable

Description

<adom>

Enter the name of the ADOM.

<prov>

Enter the provisioning template name:

  • 5: System Templates
  • 8: FortiClient Templates
  • 9: Threat Weight Templates
  • 10: WiFi Templates

<package>

Enter the package name.

<category>

Enter the category name.

{<key> | list | all}

  • all: Show all objects.
  • list: Get all objects.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy print-prov-database

Use this command to print provisioning databases.

Syntax

execute fmpolicy print-prov-database <adom> <output>

Variable

Description

<adom>

Enter the name of the ADOM.

<output>

Output file name (output dump to file: [/tmp/pl]).

fmpolicy promote-adom-object

Use this command to promote an ADOM object.

Syntax

execute fmpolicy promote-adom-object <adom> <category> <key> <new-key>

Variable

Description

<adom>

Enter the name of the source ADOM.

<category>

Enter the name of the category in the ADOM.

<key>

Enter the name of the object key.

<new-key>

Enter the name of the new key.

fmpolicy upload-print-log

Use this command to upload the latest print command logs to a server.

Syntax

execute fmpolicy upload-print-log [ftp|scp|sftp] <server> <port> <path> <user> <passwd>

Variable

Description

[ftp|scp|sftp]

Enter the type of server to upload the logs to.

<server>

Enter the server IP address or DNS.

<port>

Enter the port number (0 for default).

<path>

Enter the path on the server.

<user>

Enter the username.

<passwd.

Enter the user's password.